Web site defacement reports jump in 2001

The number of vandalized Web sites recorded by defacement archive Alldas.de jumped in 2001 to 22,379, over five times more than the 4,393 defacements logged in 2000.

Mostly Brazilian cybervandals are responsible for the surge in defacements, according to Fredrik Ostergren, a Sweden-based security analyst and spokesman for Alldas.de, who also said that more Internet users in general are trying out tools to hack into Web sites.

“Many of the defacers we have in the scene today are located in Brazil,” he said in an e-mail response to a reporter’s questions. “One of the reasons for the increase in defacements is more people getting connected to the Internet, especially in Brazil.”

A defacer is a hacker who breaks into a Web server and defaces the Web site by replacing or altering the front page.

Alldas.de has been tracking defacements since 1998 and offers snapshots of defaced Web sites as well as security analyses and statistics. The site gained in popularity after its U.S. counterpart Attrition.org stopped hosting copies of defaced sites in May.

More exposure for Alldas.de helped the Web site increase the number of defacements logged, although Alldas.de had a big network before Attrition stopped archiving, Ostergren said.

The number of defacements was especially high in April and May, with 3,003 and 3,431 sites altered respectively. U.S. and Chinese hackers were said to be fighting a “cyberwar” in those months after a U.S. spy plane crash-landed in China on April 1, and the U.S. Federal Bureau of Investigation warned at the time of increased attacks by Chinese hackers.

Most popular among cybervandals are well-known sites. For example, last year SANS Institute and Amnesty International fell victim to defacers, Ostergren said.

Over 60 per cent of defaced Web sites logged to date by Alldas.de were hosted on a Microsoft Corp. Windows server, 20 per cent on a server running Linux.

Attackers mostly exploit known vulnerabilities in server software with hack software that is readily available on the Internet. Applying security patches will keep most defacers out, according to Ostergren.

“Mostly well-known exploits are used to penetrate servers. Secure yourself. I can tell for sure that nothing is secure, but please add the latest patches to your Web server, it is not hard, administrators,” Ostergren called out.

Defacing will continue in 2002, Ostergren said, but he doesn’t expect a big increase in the number of defacements.

“I don’t think it will increase much, hopefully decrease as administrators wake up and secure their servers,” he said.

Alldas.de can be found at http://www.alldas.de/.